A security researcher discovered just how insecure GPS satellite networks are after uncovering that they don’t properly protect their communications, leaving them susceptible to be hacked by device on earth.
Colby Moore, a researcher with the security firm Synack, revealed just how easy it is to crack into Globalstar’s GPS satellite network. A company that touts themselves as “the world’s most modern satellite network.”
A large number of industries rely on GPS trackers that beam data to satellites, which in turn send them back to stations on Earth. Using cheap hardware Moore was able to successfully intercept and decoded the transmitted satellite data, none of which was sent in an encrypted format.
He also discovered there are no security measures in place to ensure that data is only shared between real verified trackers and base stations. With such access, Moore was able to decode the satellite transmission data and even create fake GPS data that he could send back.
If an attack was orchestrated successfully, cybercriminals would be able to redirect ships and get off with trucks full of precious cargo while setting off no alarms. Hackers could even direct emergency services responding to sinking ships afar from any actual wreckage.
The aviation industry is especially at risk, due to the fact that many planes transmit their location using Globalstar’s technology, even more now that the organization that collects pilot flight plans signed a deal with the satellite company back in June.
If a hacker altered a planes GPS signals they could create real chaos, causing multiple planes to land at one time, redirect them off path and take them to unknown destinations.
Moore is set to present his findings at this weeks Black Hat hacking conference going on in Las Vegas.
Globalstar, the company behind the vulnerable satellites chose to disregard the flaw and skipped discussing details on whether or not they plan to start encrypting and securing their satellite communications.
“This type of situation has never been an issue to date,” said Allison Hoffman, a Globalstar company representative. The company said it would know if its systems were under attack.
In today’s day and age, a lack of encryption on communications could mean life or death, as we’ve seen with the recent set of vulnerabilities plaguing computers, cars and even firearms. Encryption has become such a necessary security measure that it’s become expected when browsing the web or using other forms of communication.
Globalstar’s security issues likely stem from old technology, as the company had already launched 40 satellites into space by 1999, when encryption wasn’t really commonplace. Plus, encrypting communications can make the bandwidth load larger, as bandwidth in space was already extremely expensive nearly 20 years ago.
Due to the company’s unwillingness, Moore said safeguards would need to be implemented to the devices on Earth or upgraded in the least. But this strikes a problem as some 649,000 Globalstar customers utilize devices with software that could be near impossible to upgrade.